Mailinglist Archive: opensuse (1620 mails)

< Previous Next >
Re: [opensuse] Fresh 13.2 install fail - two problems - help please
On 11/08/2014 10:09 AM, listreader wrote:
On Sat, 08 Nov 2014 11:35:28 -0500
Anton Aylward <opensuse@xxxxxxxxxxxxxxxx> wrote:

But I don't encrypt data on static machines.
(usually)

An encrypted FS or data store that is available in the clear while the
system is booted anyway makes no sense to me. It only makes sense if
the machine itself is physically insecure, that the drive could be
stolen. And not really even then; if the machine is physically
insecure the whole thing could be stolen, and booted, or the data
extracted while the machine was running, or, given physical access, a
keystroke recorder could be plugged in.

Well, it depends on WHO you are trying to protect your data from. In
my case, I live in the very rural South of the USA. The "threat" to my
data is primarily not from government spooks or knowledgeable hackers
but instead from common criminals. While I am home on my property they
are no threat, we are all armed here and protected by the "castle
doctrine", i.e. you come on my property uninvited I can take you out,
no questions to be answered afterwards. But, when I travel and property
is vacant for more than a few days, it is another story. No one would
hear a burglar alarm going off, and silent alarms are not useful when
the responding sheriff might be 30 minutes or more away on the other
side of the county when needed. So, you do all you can to protect your
property and that includes protecting your data should the criminal
gain actual access into your buildings and steal your machines. LUKS
works fine to protect data on shut-down machines.

Then there's the issue of backups. Are they done of the encrypted FS
or are they done of the running, unencrypted FS? Are the backups,
which are not on portable media, encrypted and/or physically
protected?

My backups are done from the running unencrypted fs, and onto LUKS
encrypted USB sticks (full backups) or LUKS encrypted SD cards
(incrementals). Works for me.

Ralph


I worry about my traveling laptop. That's far more likely to get stolen
than something from my home. I encrypt my /home and proprietary data/code
directories
for my day job.



I also use ddclient to map a both my internal and external IP to a dynamic dns
provider.



--
After all is said and done, more is said than done.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups